The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches.
(Image: Twitter/@AleksandrBKogan)

Facebook recently shut down 'Lifestage', its standalone social networking app that it released a year ago for high schoolers. The Snapchat-like app was intended to help teens find and connect with other classmates who went to their school. Only users aged 21 or younger could sign up for it.

NEW DELHI: After Facebook admitted that hackers broke into nearly 50 million users' accounts by stealing their "access tokens" or digital keys, cyber experts on Saturday warned over 2.3 billion users to log out and log back into Facebook, or any of third-party apps that use Facebook login.

Facebook has reset the access tokens of almost 50 million accounts it knew were affected. It has also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to "View As" look-up in the last year.

"For now, logging out and back in is all that is necessary. The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms," Chester Wisniewski, Principal Research Scientist with global cyber security major Sophos, told IANS.

According to Dr Gary McGraw, Vice President of Security Technology, Synopsys (Software Integrity Group), this breach emphasises just how important software security is, and how subtle solid security engineering can be.

"When a feature like 'View As' can be turned on its head into an exploit, it indicates a design problem that led to unanticipated security vulnerability," noted Dr McGraw.

Facebook Data Breach Making Headlines, Here's How Other Scandals Began

of 6

Next

Prev

Play Slideshow

The Big Breach

10 Apr, 2018

The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches.
(Image: Twitter/@AleksandrBKogan)

Card Sharks

10 Apr, 2018

In 2012, companies like Visa Inc licensee, J C Penney Co, JetBlue Airways Corp and French retailer Carrefour SA were attacked by hackers, resulting in a collective loss of up to $300 million. A Russian and Ukrainian gang hacked into the records for over seven years, breaching 8,00,000 bank accounts and stealing more than 160 million credit and debit card numbers. While his colleagues did the hacking, 32-year-old Russian Roman Kotov was charged with mining the data.

Bay Thieves

10 Apr, 2018

While eBay’s database was hacked earlier in 2014, the news came out only in May that year. The online auction house went into damage control. Its then CEO John Donahue asked 145 million users to change their passwords, but said that financial information was stored separately and hence, remained safe. One mind boggling detail is that the unknown hackers had access to eBay’s accounts for 229 days.

Soupnazi

10 Apr, 2018

In 2007, more than 94 million customer accounts belonging to the department store group TJX were compromised. The man behind it, Albert Gonzalez, was also indicted in the Heartland Payment’s data breach, where hackers stole more than 130 million credit and debit card numbers from the payment processing system in 2008. College dropout Gonzalez used several screen names like ‘soupnazi’ (a reference to the popular Seinfeld episode), ‘kingchilli’ and ‘cumbajohny’ in the TJX hack. While Gonzalez was arrested in a Miami hotel, officials found $1.6 million in cash hidden in plastic bags in a drum buried at his parent’s backyard. The soupnazi was sentenced to 20 years in prison in 2010.

Stop Phishing

10 Apr, 2018

The personal records of over 78 million customers were stolen in 2015 from American health insurance giant Anthem. Investigators suspected China’s role in the breach. Apparently, the hack happened in 2014, when just one user at an Anthem subsidiary opened a phishing email. It gave access to the company’s warehouse. In 2017, Anthem reached a settlement of $115 million — the money will reportedly be used to pay for an additional two years of credit monitoring for the breach’s victims.

Next

"Design flaws like this lurk in the mind boggling complexity of today's commercial systems, and must be systematically uncovered and corrected when software is being designed and built," he added.

If you've ever wondered what keeps you logged into your account even after you restart your laptop/browser - those are access tokens (cookies).

They maintain a constant session even when your IP changes.

"In this case, hackers were able to steal these tokens, which basically means the hacker could fool Facebook servers to believe they are the authorised users of the target's account that would give the attacker, complete access of the target's account," said Saket Modi, CEO and Co-Founder of Lucideus, an IT risk assessment and digital security services provider.

According to experts, they don't know for how long the vulnerability existed, who the hackers were and the extent of damage that might have been caused in terms of stealing not only one's profile data but, in this case, potentially the personal messages, pictures and chats, among others.

"As a precaution, all Facebook users must log out and re-login into all the gadgets that they have their Facebook session active like your cell phone (app or browser), laptop and desktop, etc," Modi advised.

Facebook Innovations That Turned Out To Be Duds

of 5

Next

Prev

Play Slideshow

RIP Lifestage

12 Aug, 2017

Facebook recently shut down 'Lifestage', its standalone social networking app that it released a year ago for high schoolers. The Snapchat-like app was intended to help teens find and connect with other classmates who went to their school. Only users aged 21 or younger could sign up for it.

You've Got Mail. Not!

10 Aug, 2017

The tech giant started an email service that offered users an @facebook.com address, in November 2010. However, it was quietly dropped after Facebook admitted that a majority of people weren't using it.

Riff Goes O'er The Cliff!

10 Aug, 2017

Just a few months after launching Snapchat competitor, Riff, a collaborative video creation app for both iOS and Android users in 2015, Facebook plugged the plug on it.
However, the tech giant said that most of the features of the app had been integrated into the main Facebook app and Messenger.

No Takers For Paper

10 Aug, 2017

Facebook shut down Paper, a stand-alone iOS app that was part News Feed, part newsreader, in 2016, two years after its launch. The app changed the user experience with customisable sections for politics, technology, food, and other subjects. However, the app that impressed critics failed to attract a large audience and was consequently shut down.
(Image: Facebook/searchinfomedia)

Slinging A Dud!

10 Aug, 2017

Facebook's third attempt to capture Snapchat's market, named Slingshot, too crashed. Though the idea was to make Slingshot more than a Snapchat clone, you could only view an incoming message (shot) after you send a 'shot' to the sender, Facebook didn't manage to capture the market.
The app was discontinued and removed from the App store and Google Play store in December 2015, after Facebook shut down its Creative Labs division.

Next

Facebook said it does not know who is behind this massive security attack.

"We're working hard to better understand these details and "we will update this post when we have more information, or if the facts change," said the company.

In the Cambridge Analytica scandal, data of nearly 87 million people was breached upon.

0Comments

Want stories like this in your inbox? Sign up for the daily ET Panache newsletter.